Image Hosting Script

[hanz]

Some time ago I bought image hosting script from http://www.scriptsnmore.com/ that came with reseller rights, now I think it is time to resell it to all of my NamePros friends for free :D . Sorry I don't have any demo set up, but I can assure you that this is one very nice script

Features:
+ Support paypal upgrades - Based on credits = uploads
+ Syndication Script - Allows others to add upload script on their website to redirect to your site after upload is completed
+ Unlimited "secondary" servers - Store images in many locations to keep load down on main server
+ Thumbnail creation for gif, jpg, jpeg using GD2
+ Thumbnail creation for bmp using imagemagick
+ Dimensions and size shown on all thumbnails created
+ Bandwidth tracking
+ IP banning
+ User registration
+ Applet uploading for registered members (Allows multiple uploads at one time)
+ Upload images in zip, then script unzips the zip file (For registered members only)
+ Deletes images not clicked x amount of times using cron job
+ Advertisement abilities when linking to image
+ Supports swf uploading
+ E-mail links to requested e-mail address
+ Tracks uploads based on IP address
+ Supports English and Chinese languages
+ Fully customizable with css, header and footer files
+ Newsletter abilities to registered members

Have fun!

 

[Richieboy67]

Sell it for free!!!! lol I like that price...............alot!!!!

Thanks, I just downloaded it! :kickass:

 

[GFX^^]

which version it is?

 

[sleepingawake]

which version it is?

i second that

 

[hanz]

which version it is?

I guess the latest as this script hasn't been developed any further

 

[Tippy]

Thanks for the script, I'm having a small problem uploading the image sql file... Error Unknown Character Set " anyone have an idea of how to fix this or what it should be?

Thanks,

Mike

 

[NetworkTown.Net]

I keep getting FATAL ERROR: Connection to database server failed. what do i do?

 

[wvccboy]

Did you read the README file?

 

[NetworkTown.Net]

Did you read the README file?

Yes, i am running on a reseller account.

 

[hanz]

Thanks for the script, I'm having a small problem uploading the image sql file... Error Unknown Character Set " anyone have an idea of how to fix this or what it should be?

Thanks,

Mike

hmm... yeah, I have attached new image.txt file, this should work

Yes, i am running on a reseller account.

did you edit config.php file?

 

[NetworkTown.Net]

hmm... yeah, I have attached new image.txt file, this should work


did you edit config.php file?

Yep i edited config.php and i ran the sql file too.

 

[RickM]

The script was developed furthur by yabsoft...the origional creator.

I also bought it from scriptsandmore ages ago, however its extreamly buggy.

 

[hanz]

Yep i edited config.php and i ran the sql file too.

Sorry! Then I don't know what could be wrong.

The script was developed furthur by yabsoft...the origional creator.

I also bought it from scriptsandmore ages ago, however its extreamly buggy.

Actually this script was stole by yabsoft (the orginal coder)

 

[yabsoft]

The more fact about this issue:

Recently,i check the visiters logs and found lots of people are from scriptsnmore.com.Just as you have read on his site,he say lots of bad words to me, which stayed there for 2 months.
At the beginning,i simplily ignore this,but gradutliy,i realeased the reputation on the net is important for me and my site. The key is that lots of people may mistake me by his partial word and fact,althrougth i believe anyone has own idea,not simplily followed someone. So this is the reason why i make such page for you

Topic By me at WHT: (This is a long details,recommend you read this carefully) View [http://www.webhostingtalk.com/showthread.php?s=&threadid=429436]
Topic By me at digitalpoint.com: (Legal Issues ) Viewhttp://forums.digitalpoint.com/showthread.php?t=23395
Topic By me at sitepoint.com: (Legal Issues ) View http://www.sitepoint.com/forums/showthread.php?t=286763
Topic By eMax at scritplance.com: View[http://forum.scriptlance.com/showthread.php?t=356

http://www.yabsoft.com/scriptsnmore.php

At fact the owner of scriptsnmore.com want to sell his site earliy:
http://webhostingtalk.com/showthread.php?t=462549&highlight=scriptsnmore

 

[hanz]

The more fact about this issue:


http://www.yabsoft.com/scriptsnmore.php

At fact the owner of scriptsnmore.com want to sell his site earliy:
http://webhostingtalk.com/showthread.php?t=462549&highlight=scriptsnmore

There is no need for any more facts - you were hired to make a custom image hosting script and when you saw that the person who hired you was making money you went greedy and decided to scam him.

 

[yabsoft]

Haha

But anyway I must point a secure hole in this old script,And I don't recommend you use it to build a serious image hosting site.Because it has lots of bugs not fixed.

I don't want you to wonder I am trying to stop others to download script and use it,so I post the secure hole here:
After installation,you can use

' or 1 or pass='

as username to login in admin apnel,althrough your username is not the one!

Solution:
Modify the login.php,line 13:

$db->setQuery("select * from setting where admin='$input[user]' and pass='$input[pass]'");

Change to:

$db->setQuery("select * from setting where admin='".mysql_escape_string($input[user])."' and pass='".mysql_escape_string($input[pass])."'");

If you want to use it,I recomend you apply the changes first!

 

[Eric]

mysql_escape_string is deprecated, I'd rather use something like:

<?php

function make_safe($value)
{
  $value = stripslashes($value);
  $value = (function_exists('mysql_real_escape_string')) ? mysql_real_escape_string($value) : addslashes($value);

  return $value;
}

?>

.

$db->setQuery("select * from setting where admin='".make_safe($input['user'])."' and pass='".make_safe($input['pass'])."'");

 

[yabsoft]

Yea,'mysql_real_escape_string' is better then 'mysql_escape_string'.

Thanks for your advance!

mysql_escape_string is deprecated, I'd rather use something like:

<?php

function make_safe($value)
{
  $value = stripslashes($value);
  $value = (function_exists('mysql_real_escape_string')) ? mysql_real_escape_string($value) : addslashes($value);

  return $value;
}

?>

.

$db->setQuery("select * from setting where admin='".make_safe($input['user'])."' and pass='".make_safe($input['pass'])."'");

 

[Bazza The Greek]

I am also getting FATAL ERROR: Connection to database server failed.

Anyone know what to do?

 

[Wybe]

Thanks for sharing!